STIGQter STIGQter: STIG Summary: McAfee VirusScan 8.8 Local Client STIG Version: 5 Release: 16 Benchmark Date: 27 Jul 2018: McAfee VirusScan On-Access Scanner General Settings Artemis Heuristic network check for suspicious files must be enabled and set to sensitivity level Medium or higher.

DISA Rule

SV-56405r1_rule

Vulnerability Number

V-35027

Group Title

DTAM137-McAfee VirusScan File Reputation Service

Rule Version

DTAM137

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select the General Settings.

Under the General tab, locate the "Artemis (Heuristic network check for suspicious files):" label. Select the "Medium" option.

Click OK to Save.

Check Contents

NOTE: For systems on the SIPRnet, this check is Not Applicable.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select the General Settings.

Under the General tab, locate the "Artemis (Heuristic network check for suspicious files):" label. Ensure the Sensitivity level is set to "Medium" or higher.

Criteria: If the Sensitivity level of "Medium", or higher, is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner

Criteria: If the value of ArtemisEnabled is REG_DWORD = 0, this is a finding.
If the value of ArtemisLevel is REG_DWORD = 0 or REG_DWORD = 1, this is a finding.
If the value of ArtemisEnabled is REG_DWORD = 1 and the ArtemisLevel is REG_DWORD = 2, 3 or 4, this is not a finding.

Vulnerability Number

V-35027

Documentable

False

Rule Version

DTAM137

Severity Override Guidance

NOTE: For systems on the SIPRnet, this check is Not Applicable.

Access the local VirusScan console by clicking Start->All Programs->McAfee->VirusScan Console.
On the menu bar, click Task->On-Access Scanner Properties.
Select the General Settings.

Under the General tab, locate the "Artemis (Heuristic network check for suspicious files):" label. Ensure the Sensitivity level is set to "Medium" or higher.

Criteria: If the Sensitivity level of "Medium", or higher, is selected, this is not a finding.

On the client machine, use the Windows Registry Editor to navigate to the following key:
HKLM\Software\McAfee\ (32-bit)
HKLM\Software\Wow6432Node\McAfee\ (64-bit)
SystemCore\VSCore\On Access Scanner

Criteria: If the value of ArtemisEnabled is REG_DWORD = 0, this is a finding.
If the value of ArtemisLevel is REG_DWORD = 0 or REG_DWORD = 1, this is a finding.
If the value of ArtemisEnabled is REG_DWORD = 1 and the ArtemisLevel is REG_DWORD = 2, 3 or 4, this is not a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

605

Comments